Slashdot Mirror


Syrian Dissidents Hit By Another Wave of Targeted State-Sponsored Attacks

Trailrunner7 writes "One of the attackers who has been targeting Syrian anti-government activists with malware and surveillance tools has returned and upped the ante with the use of the BlackShades RAT, a remote-access tool that gives him the ability to spy on victims' machines through keylogging and screenshots. The original attacks against Syrian activists, who are working against the government's months-long violent crackdown, were using another RAT known as Xtreme RAT, with similar capabilities. That malware was being spread through a couple of different targeted attacks, including one in which activists were directed to YouTube videos and their account credentials were then stolen when they logged in to leave comments. That attack continued with the installation of the RAT, giving the attacker surreptitious access to the victims' machines, enabling him to monitor their activities online. Now, researchers say that at least one attacker who is known to be involved in these targeted attacks also is using the BlackShades RAT in a new set of attacks."

35 of 54 comments

  1. IT'S OKAY !! RUSSIA AND CHINA SAY SO !! by Anonymous Coward · · Score: 3, Funny

    So relax, take it easy !!

  2. Can't they by Threni · · Score: 2

    burn the Tails TOR distro to CD so it's read-only. And do basic, common sense stuff like using disposable accounts to post publicly (signing content so people can trust the authenticity of the posts)?

  3. Youtube? by girlintraining · · Score: 1
    I have to question the accuracy of this submission; if they're directed to YouTube and that is the source of the drive-by infection, then that means that everyone who uses YouTube globally would be vulnerable to this, not just Syrian dissidents. It would also require the cooperation of Google, which in turn means this is tantamount to an admission that the US government is helping Syria track down its political dissidents. Historically, we have invested a lot of intelligence resources to help those dissidents destabilize that government. It seems unlikely we'd reverse that trend now.

    So it is more likely that either the Syrian government is hijacking requests destined for YouTube to its own servers via one of a dozen or so possible attack vectors (BGP poisoning, man in the middle attack, etc.), or the site is a lookalike that isn't YouTube.

    So, which is it?

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Youtube? by idontgno · · Score: 3, Interesting

      Proxying plus script injection could accomplish this effect without Google's complicity or any type of site spoofing.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
  4. where are you Anonymous? by circletimessquare · · Score: 1

    Do some good. Load those low orbit ion cannons, ddos the Syrian Govt's capacity.

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:where are you Anonymous? by Mashiki · · Score: 2

      AHahaha...yeah the script kiddies. Oh sure. Yep they're out doing good stuff again. So anyway, I mean the rebels are out doing things like trying to get reporters killed too. But hey, whatever. Pallywood everywhere!

      --
      Om, nomnomnom...
    2. Re:where are you Anonymous? by Dan541 · · Score: 1

      Oh yeah, a bunch of foul-mouthed teenagers with cmd.exe ping are going to save the day.

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    3. Re:where are you Anonymous? by Mashiki · · Score: 1

      We all know Israel just want to keep those dictators so it sent out her idiots to spread propaganda. ....

      That makes even less sense than what you usually see from the average Israel hater. So let me see if I get this straight, Israel, and in turn Jews, the most prosecuted religious and ethnic group that we've seen in the last 2000 years, has a vested interest in...oppressing themselves? Okay there. That's why in every defensive war they've ever fought, they've given up more than what they've gained in order to secure peace.

      Yeah, just a few bricks short of a full load there.

      --
      Om, nomnomnom...
    4. Re:where are you Anonymous? by Psyborgue · · Score: 1

      So Israel is supporting Assad, you say? An ally of Iran and a state supporter of terrorist attacks against Israel (Hezbollah, among others)? Seems to be Israel has no reason at all to support Assad. Sure the rebels might exactly be friendly either, but they can hardly be worse. No matter who is in power, weapons are going to get smuggled into Lebanon. Sunni may not like Shiite, but they both hate the Jews and are willing to cooperate when convenient. Iran supplies and funds Hamas and other Sunni groups, for example, not just Hezbollah.

  5. O RLY? by Anonymous Coward · · Score: 1

    If you still believe in Syrian "dissidents", watch this.
    https://www.youtube.com/watch?v=cGYTM9-DSEI#t=36m02s

    1. Re:O RLY? by Dunbal · · Score: 1

      Yah I love the part where he tries to drag "building 7" into it.

      --
      Seven puppies were harmed during the making of this post.
    2. Re:O RLY? by Anonymous Coward · · Score: 1

      it's getting to the point where you can predict the argument before even clicking the link

      No, it has got to the point when lots of people are completely zombified by Western propaganda and are unwilling to even hear anything that contradicts it. And you are the perfect example.

    3. Re:O RLY? by Anonymous Coward · · Score: 2, Insightful

      I think it's more like people like you are sick of Western propaganda and are willing to embrace anything that contradicts it, including greater falsehoods.

    4. Re:O RLY? by Em+Adespoton · · Score: 2

      I'm going to point out that this entire article is about luring people to view Youtube videos in an attempt to load a RAT onto their PC... Just saying.

    5. Re:O RLY? by Psyborgue · · Score: 1

      The fuck are you on about? Assad supports Hezbollah and is an ally to Iran. Why on earth would Israel support Syria? If you want to know who IS supporting Syria, look to Iran, China, and Russia, and the latter two only because of oil from and weapons sales to Syria and Iran. It's in Israel's interests to back the rebels if anybody, but won't do so publicly because in the Arab world, if a Jew is on your side, you lose all credibility. As much has been said by the current administration in Israel. The rebels might not exactly be friendly to Israel, but it can't possibly get much worse than the current regime in Syria.

      tl;dr kill yourself

  6. Why should I believe you? by Anonymous Coward · · Score: 5, Insightful

    This is a propaganda war as much as anything, and I don't have any evidence to believe either side.

    Perhaps the Syrian government is not installing this software. Perhaps the activists are installing it to make the Syrian government look bad.

    I have only an absence of evidence (impartially gathered and analysed), and that means I should believe no-one's conclusions.

    1. Re:Why should I believe you? by Anonymous Coward · · Score: 3, Funny

      man, we missed you in threads about OWS. you could have accused protesters of dressing up as police and pepper spraying their friends. where were you?

    2. Re:Why should I believe you? by artor3 · · Score: 3

      Read the English-language Al Jazeera. They are a fantastic source for whenever you are worried that your views on the Middle East are being colored by Western propaganda.

    3. Re:Why should I believe you? by ThatsNotPudding · · Score: 1

      Read the English-language Al Jazeera [aljazeera.com]. They are a fantastic source for whenever you are worried that your views on the Middle East are being colored by Western propaganda.

      When you need to have your spectrum re-tinted by Middle Eastern propaganda. Everyone has an agenda.

    4. Re:Why should I believe you? by flyingsquid · · Score: 1

      This is a propaganda war as much as anything, and I don't have any evidence to believe either side.

      Comments like this really, really piss me off. The thing is, you *do* have information, or rather, you have information if you want it. You have what the Syrian people do not have- free access to the internet- which means that you can go to Google News, type in something like "Syria Internet Surveillance" and in a second have all the information you want, and then think critically about what it all means. There are lots of articles about Syria spying on its citizens, there are dozens of articles about Western companies (including U.S. based companies like NetApp) selling Syria the equipment to monitor and censor the internet and cell phone messages. We have tons of information all telling the same story- Syria has gone to incredible lengths to monitor and censor its citizens' communication. That doesn't mean this story is true, but it does make these allegations credible.

      Now, if you don't know anything about that, that's because of your own choices. You've made a choice not to be an informed citizen, and not to follow international news, and not to think critically. If you want to be uninformed, fine. You have that right. But don't go around being ignorant of the news and then pretending like you're far too clever to be taken in by propaganda.

  7. An oppressive government by nurb432 · · Score: 1

    oppresses its citizens..

    news at *yawn* 6...

    --
    ---- Booth was a patriot ----
  8. Who are the good guys? by Anonymous Coward · · Score: 1

    Do we have any way to really know for sure that the Syrian government are the bad guys here?
    Why should we assume that the "dissidents" are preferable?

    1. Re:Who are the good guys? by Alex+Belits · · Score: 1

      Because they work for CIA, the good guys!

      --
      Contrary to the popular belief, there indeed is no God.
    2. Re:Who are the good guys? by Em+Adespoton · · Score: 1

      Do there have to be good guys? Can't all sides be bad?

    3. Re:Who are the good guys? by Anonymous Coward · · Score: 1

      Do we have any way to really know for sure that the Syrian government are the bad guys here? Why should we assume that the "dissidents" are preferable?

      I guess the fact that a gov. is butchering their citizens makes them a bad guy. But, hey, I am guessing that you are with Iran, Russia, China, or North Korea?

    4. Re:Who are the good guys? by Anonymous Coward · · Score: 1

      This is a fantastic question, and indeed, the first question that ought to be asked in any discussion about Syria.

      First of all, the idea that a revolution in a Muslim country would be anything even close to the Velvet revolution in Czechoslovakia (which resulted in Czech & Slovakia amicably separating) is one of the most inane assumptions anyone could make of Muslims. In Tunisia, where the Arab Spring started, this is what is going on today - from a country that was always assumed to be very Westernized, and far from Islamic, thanks partly to the efforts of its ex ruler Ben Ali. I'm no fan of Muammar Gadaffi, but in Libya, the way he was lynched pretty much demonstrated that those replacing him are no better than he was. In Egypt, the end of Mubarak has also meant an Islamic regime is on the verge of taking over that country, suppressing the Copts even more, and if they have their way, restarting their jihad against Israel. All the ignoramuses in the West who support these 'democratic' movements seem blissfully unmindful of the fact that these movements are also supported by al Qaeda. Reason is simple - what those people want is not political pluralism, and DEFINITELY NOT religious pluralism. What they want is Shariah states in their countries, and if there happen to be non Muslims there, to hell with them. Already, Christians have fled the newly US established 'democratic' Iraq for Syria, which they are now starting to flee for Lebanon. In Egypt and Tunisia too, Copts & Jews are getting ready to flee, if they haven't done so already. And if the Sunnis lose, retribution like the one by Gen Hafez al Assad in 1982 in Homs is likely to follow. So it's a struggle for survival for both sides.

      The Arab League was pretty happy to support these 'democratic' movements in Tunisia, Libya and Egypt, but a funny thing happened in Bahrein. Since that country is 75% Shia, the Arab league, which now has only one Shia government in it - Iraq - doesn't want democracy there. So when the Arab Spring spread there, the Arab League was quick to propagandize that that actually was an Iranian attempt to take over the country via its Shia proxies, and the Saudis sent in troops to prevent their monarchy from collapsing.

      In Syria, what the Arab League alleged about Bahrein is even more true about Syria - in the converse sense. This is not an 'Arab Spring' type revolution, like in Egypt, Libya and Tunisia (where Jihadi elements came to power). It is a power struggle between the Sunni majority in that country, backed by Saudi Arabia and Turkey, vs a non Sunni coalition of Alawites, Druze, Syrian Christians and others led by the Baath party, and backed by Iran and Hizbullah. In short, it is a civil war, where both sides have everything to lose. If the Alawites lose, they will be massacred - already, there have been reports of Syrian Christians, Alawites and Shia being driven

  9. Re:how not to help by Em+Adespoton · · Score: 1

    Where were you when the debate about switching from standard transmission to automatic took place?

  10. One way to avoid this by techno-vampire · · Score: 1

    I took a look at TFA, and saw exactly what I expected: the malware is specifically designed to attack computers running Windows. Now, I'll admit that that's reasonable, considering how big Microsoft's market share is, but it does lead to an interesting suggestion: get the dissidents to move to Linux, at least as dual-boot, and only use Linux for their political activities. Not because Linux is immune to malware, but because it's immune to the specific malware they need to be concerned about. And, if they're not comfortable with English, there's even a distro, Parsix, that can be installed in either English or Parsi.

    --
    Good, inexpensive web hosting
    1. Re:One way to avoid this by unixisc · · Score: 1

      Except that the people of Syria don't speak Farsi - not even the Shia or Alawites. Although there may be Arabic localization in some of the lead distros.

    2. Re:One way to avoid this by techno-vampire · · Score: 1

      Yeah, I kinda figured that. However, the distro does come with the appropriate fonts by default, and the maintainers would probably see nothing wrong with adding an Arabic spin. The important thing, IMO, is getting them away from using a vulnerable OS for their political activities.

      --
      Good, inexpensive web hosting
  11. Re:Good for them! by WorBlux · · Score: 1

    Somalia wasn't a failed state, it was a failure to create 8 states. It's a very tribal culture, and each tribe should just be recognized individually, imperial sensibilities be damned.

  12. Targeted __WINDOWS__ attacks. by couchslug · · Score: 3, Informative

    Yes, it matters.

    Even the US military "gets" that Windows machines at home aren't at all secure and offers this nifty distro. Free download, and if you are USian your taxes were actually spent well for a change:

    http://www.spi.dod.mil/lipose.htm

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  13. How come there's no such hacker in Libya ? by Taco+Cowboy · · Score: 1

    Looks like the Syrian government is much more technically advanced than the one run by the late Colonel Gaddafi in Libya

    --
    Muchas Gracias, Señor Edward Snowden !
  14. Re:how not to help by Johann+Lau · · Score: 1

    The fuck? What does that have to do with anything?

  15. Re:Not dissidents... by couchslug · · Score: 1

    Citations needed.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."